Software Bills of Materials (SBOMs) have quickly become a critical component in modern software supply chain security. By offering a transparent view of all the components that make up your applications, SBOMs enable you to pinpoint vulnerabilities before they escalate into costly incidents.

As we enter 2025, software supply chain security and risk management for 3rd-party software dependencies are top of mind for organizations. The 2024 Anchore Software Supply Chain Security Survey notes that 76% of organizations consider these challenges top priorities. Given this, it is easy to see why understanding what SBOMs are—and how to implement them—is key to a secure software supply chain.

To help organizations achieve these top priorities, Anchore is hosting a weekly webinar series dedicated entirely to SBOMs. Beginning January 14 and running throughout Q1, our webinar line-up will explore a wide range of topics (see below). Industry luminaries like Kate Stewart (co-founder of the SPDX project) and Steve Springett (Chair of the OWASP CycloneDX Core Working Group) will be dropping in to provide unique insights and their special blend of expertise on all things SBOMs.

The series will cover:

  • SBOM basics and best practices
  • SPDX and SBOMs in-depth with Kate Stewart
  • Getting started: How to generate an SBOM
  • Software supply chain security and CycloneDX with Steve Springett
  • Scaling SBOMs for the enterprise
  • Real-world insights on applying SBOMs in high-stakes or regulated sectors
  • A look ahead at the future of SBOMs and software supply chain security with Kate Stewart
  • And more!

We invite you to learn from experts, gain practical skills, and stay ahead of the rapidly evolving world of software supply chain security. Visit our events page to register for the webinars now or keep reading to get a sneak peek at the content.

#1 Understanding SBOMs: An Intro to Modern Development

Date/Time: Tuesday, January 14, 2025 – 10am PST / 1pm EST
Featuring: 

  • Lead Developer of Syft
  • Anchore VP of Security
  • Anchore Director of Developer Relations

We are kicking off the series with an introduction to the essentials of SBOMs. This session will cover the basics of SBOMs—what they are, why they matter, and how to get started generating and managing them. Our experts will walk you through real-world examples (including Log4j) to show just how vital it is to know what’s in your software.

Key Topics:

This webinar is perfect for both technical practitioners and business leaders looking to establish a strong SBOM foundation.

#2 Understanding SBOMs: Deep Dive with Kate Stewart

Date/Time: Wednesday, January 22, 2025 – 10am PST / 1pm EST
Featured Guest: Kate Stewart (co-founder of SPDX)

Our second session brings you a front-row seat to an in-depth conversation with Kate Stewart, co-founder of the SPDX project. Kate is a leading voice in software supply chain security and the SBOM standard. From the origins of the SPDX standard to the latest challenges in license compliance, Kate will provide an extensive behind-the-scenes look into the world of SBOMs.

Key Topics:

  • The history and evolution of SBOMs, including the creation of SPDX
  • Balancing license compliance with security requirements
  • How SBOMs support critical infrastructure with national security concerns
  • The impact of emerging technology—like open source LLMs—on SBOM generation and analysis

If you’re ready for a more advanced look at SBOMs and their strategic impact, you won’t want to miss this conversation.

#3 How to Automate, Generate, and Manage SBOMs

Date/Time: Wednesday, January 29, 2025 – 12pm EST / 9am PST
Featuring: 

  • Anchore Director of Developer Relations
  • Anchore Principal Solutions Engineer

For those seeking a hands-on approach, this webinar dives into the specifics of automating SBOM generation and management within your CI/CD pipeline. Anchore's very own Alan Pope (Developer Relations) and Sean Fazenbaker (Solutions) will walk you through proven techniques for integrating SBOMs to reveal early vulnerabilities, minimize manual interventions, and improve overall security posture.

Key Topics:

This is the perfect session for teams focused on shifting security left and preserving developer velocity.

What’s Next?

Beyond our January line-up, we have more exciting sessions planned throughout Q1. Each webinar will feature industry experts and dive deeper into specialized use-cases and future technologies:

  • CycloneDX & OWASP with Steve Springett – A closer look at this popular SBOM format, its technical architecture, and VEX integration.
  • SBOM at Scale: Enterprise SBOM Management – Learn from large organizations that have successfully rolled out SBOM practices across hundreds of applications.
  • SBOMs in High-Stakes Environments – Explore how regulated industries like healthcare, finance, and government handle unique compliance challenges and risk management.
  • The Future of Software Supply Chain Security – Join us in March as we look ahead at emerging standards, tools, and best practices with Kate Stewart returning as the featured guest.

Stay tuned for dates and registration details for each upcoming session. Follow us on your favorite social network (Twitter, LinkedIn, Bluesky) or visit our events page to stay up-to-date.

Learn about the role that SBOMs play in the security, including open source software (OSS) security, of your organization in this white paper.